Date: Mon, 22 Dec 2008 11:04:53 +0100 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org, KES <kes-kes@yandex.ru> Cc: users@subversion.tigris.org Subject: Re: can not start SVNserve Message-ID: <200812221104.55946.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <498807086.20081221134904@yandex.ru> References: <42213407.20081212101341@yandex.ru> <200812211210.48287.fbsd.questions@rachie.is-a-geek.net> <498807086.20081221134904@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 21 December 2008 12:49:04 KES wrote: > =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel. > > =C2=FB =EF=E8=F1=E0=EB=E8 21 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 13:10:47: > > M> On Thursday 18 December 2008 09:03:54 KES wrote: > >> =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5, Mel. > >> > >> =C2=FB =EF=E8=F1=E0=EB=E8 18 =E4=E5=EA=E0=E1=F0=FF 2008 =E3., 9:05:35: > >> > >> M> On Wednesday 17 December 2008 21:02:07 KES wrote: <snip> > >> Also I notice next differences between FreeBDS 7.0 and 7.1 (detail > >> below) Notice that on both system account is locked, has no valid shell > >> and home directory > >> on FreeBSD 7.0 when I try to login with svn user it says: This account > >> is currently not available. on FreeBSD 7.1 when I try to login with svn > >> user it says: su: Sorry Maybe there is a problem with su on FreeBSD 7.= 1? > >> > >> > >> > >> home# pw user show svn > >> svn:*:1003:1002::0:0:SVN user:/nonexistent:/usr/sbin/nologin > >> home# su svn > >> This account is currently not available. > >> > >> > >> kes# pw user show svn > >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/bin/bash > >> kes# su svn > >> su: Sorry > >> kes# pw user mod svn -s /usr/bin/nologin > >> kes# pw user show svn > >> svn:*:1005:1005::0:0:SVN user:/nonexistent:/usr/bin/nologin > >> kes# su svn > >> su: Sorry > > M> The problem is elsewhere. Probably in pam(3) on the faulty machine. The > only M> change to su.c from 7.0 to 7.1 is fixing a compiler warning. There > are 3 M> instances where su exits with "Sorry". All occasions are logged = to > syslog. M> Can you dig those log entries up? > > Dec 21 13:47:54 kes su: kes to root on /dev/ttyp5 > Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: checkyesno: svnserve_enable = is > set to YES. Dec 21 13:47:58 kes kes: /r/svnserve: DEBUG: run_rc_command: > doit: su -m svn -c 'sh -c "/usr/local/bin/svnserve -d --listen-port=3D3690 > --foreground -r /var/db/trunk"' > Dec 21 13:47:58 kes su: pam_acct_mgmt: authentication error > > Yeah, there is problem with pam. Why pam restrict root to run command > under other user? Is /etc/pam.d/su present and does it contain the line: account include system If so, the /etc/pam.d/system should contain: # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so If this is all ok, I suggest rebuilding pam with OPENPAM_DEBUG defined, so= =20 that you can see where things go wrong. Just out of curiousity, if you install something like mysql or squid, those= =20 users should be inaccessable for the same reason, cause I don't see anythin= g=20 wrong with the svn user itself. =2D-=20 Mel Problem with today's modular software: they start with the modules and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812221104.55946.fbsd.questions>